From 3209f11d1f43257b4140cf9fbe753ad20701eb65 Mon Sep 17 00:00:00 2001
From: James Muehlner
Date: Wed, 13 Feb 2013 12:13:30 -0800
Subject: [PATCH] Ticket #269: Changed database permission enums from WRITE to UPDATE.
---
 .../schema/guacamole-auth-mysql-schema.sql | 4 +-
 .../net/auth/mysql/MySQLConstants.java | 50 +++++++------
 .../mysql/utility/PermissionCheckUtility.java | 70 +++++++++----------
 3 files changed, 61 insertions(+), 63 deletions(-)
diff --git a/extensions/guacamole-auth-mysql/schema/guacamole-auth-mysql-schema.sql b/extensions/guacamole-auth-mysql/schema/guacamole-auth-mysql-schema.sql
index 4d74f1e4c..1bfbf6815 100644
--- a/extensions/guacamole-auth-mysql/schema/guacamole-auth-mysql-schema.sql
+++ b/extensions/guacamole-auth-mysql/schema/guacamole-auth-mysql-schema.sql
@@ -42,7 +42,7 @@ CREATE TABLE `guacamole_connection_parameter` (
 CREATE TABLE `guacamole_connection_permission` (
 `user_id` int(11) NOT NULL,
 `connection_id` int(11) NOT NULL,
- `permission` enum('READ','WRITE','DELETE','ADMINISTER') NOT NULL,
+ `permission` enum('READ','UPDATE','DELETE','ADMINISTER') NOT NULL,
 PRIMARY KEY (`user_id`,`connection_id`,`permission`),
 CONSTRAINT `guacamole_connection_permission_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `guacamole_connection` (`connection_id`),
 CONSTRAINT `guacamole_connection_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
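Review bot: Editing the enum inside `CREATE TABLE` only changes fresh installs; a database already built from the earlier schema keeps `'WRITE'` in this column and in `guacamole_user_permission` (the @@ -66 hunk), while the Java side now looks up `UPDATE`, so existing write grants would presumably stop matching. The patch should ship an upgrade step that widens the enum, rewrites the stored rows and then drops the old value, or the commit message should state that no deployed schema exists yet. In the unchanged context of this hunk, `guacamole_connection_permission_ibfk_1` is declared on `user_id` but references `guacamole_connection (connection_id)`; it looks like it was meant to be `FOREIGN KEY (connection_id) REFERENCES guacamole_connection (connection_id)`, since as written nothing ties a permission row's connection to an existing connection. The CREATE TABLE statement continues past the end of the hunk.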
@@ -66,7 +66,7 @@ CREATE TABLE `guacamole_system_permission` (
 CREATE TABLE `guacamole_user_permission` (
 `user_id` int(11) NOT NULL,
 `affected_user_id` int(11) NOT NULL,
- `permission` enum('READ','WRITE','DELETE','ADMINISTER') NOT NULL,
+ `permission` enum('READ','UPDATE','DELETE','ADMINISTER') NOT NULL,
 PRIMARY KEY (`user_id`,`affected_user_id`,`permission`),
 CONSTRAINT `guacamole_user_permission_ibfk_1` FOREIGN KEY (`affected_user_id`) REFERENCES `guacamole_user` (`user_id`),
 CONSTRAINT `guacamole_user_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
index e34b76ee7..becec0ed2 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
@@ -35,37 +35,35 @@ * ***** END LICENSE BLOCK ***** */ package net.sourceforge.guacamole.net.auth.mysql; +import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission; +import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission; +import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission; +import net.sourceforge.guacamole.net.auth.permission.UserPermission; + /** - * Constants relevant to the guacamole-auth-mysql project. + * A set of constants that useful for the MySQL-based authentication provider. * @author James Muehlner */ -public interface MySQLConstants { +public final class MySQLConstants { - //*********** Permission Strings *********** - // operations - public static final String CREATE = "CREATE"; - public static final String READ = "READ"; - public static final String WRITE = "WRITE"; - public static final String DELETE = "DELETE"; - public static final String ADMINISTER = "ADMINISTER"; + /** + * This class should not be instantiated. 
+ */ + private MySQLConstants() {} - // used to separate operations from objects - public static final String SEPARATOR = "_"; + // Permission constants + public static final String USER_READ = UserPermission.Type.READ.name(); + public static final String USER_UPDATE = UserPermission.Type.UPDATE.name(); + public static final String USER_DELETE = UserPermission.Type.DELETE.name(); + public static final String USER_ADMINISTER = UserPermission.Type.ADMINISTER.name(); + public static final String USER_CREATE = UserDirectoryPermission.Type.CREATE.name(); - //object types - public static final String USER = "USER"; - public static final String CONNECTION = "CONNECTION"; + public static final String CONNECTION_READ = ConnectionPermission.Type.READ.name(); + public static final String CONNECTION_UPDATE = ConnectionPermission.Type.UPDATE.name(); + public static final String CONNECTION_DELETE = ConnectionPermission.Type.DELETE.name(); + public static final String CONNECTION_ADMINISTER = ConnectionPermission.Type.ADMINISTER.name(); + public static final String CONNECTION_CREATE = ConnectionDirectoryPermission.Type.CREATE.name(); - //combinations - public static final String CREATE_USER = CREATE + SEPARATOR + USER; - public static final String READ_USER = READ + SEPARATOR + USER; - public static final String WRITE_USER = WRITE + SEPARATOR + USER; - public static final String DELETE_USER = DELETE + SEPARATOR + USER; - public static final String ADMINISTER_USER = ADMINISTER + SEPARATOR + USER; - - public static final String CREATE_CONNECTION = CREATE + SEPARATOR + CONNECTION; - public static final String READ_CONNECTION = READ + SEPARATOR + CONNECTION; - public static final String WRITE_CONNECTION = WRITE + SEPARATOR + CONNECTION; - public static final String DELETE_CONNECTION = DELETE + SEPARATOR + CONNECTION; - public static final String ADMINISTER_CONNECTION = ADMINISTER + SEPARATOR + CONNECTION; + public static final String SYSTEM_USER_CREATE = "USER_CREATE"; + public static 
final String SYSTEM_CONNECTION_CREATE = "CONNECTION_CREATE"; }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
index 096b2af35..876297fdd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
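Review bot: In MySQLConstants the two system permission literals change value, not just name: the removed `CREATE_USER` evaluated to "CREATE_USER" and its replacement `SYSTEM_USER_CREATE` is "USER_CREATE" (likewise for the connection constant), yet neither schema hunk in this patch touches `guacamole_system_permission`. If that table's enum still holds the old spellings, the `equals` comparisons in the @@ -497 hunk of PermissionCheckUtility can never match and create rights would be dropped without any error; please confirm the column definition, which is not visible here. Separately, the per-object constants now come from `Type.X.name()`, so a later rename of a Java enum constant silently changes the string compared against the database. A comment above the block such as `// Values must equal the permission enum values in guacamole-auth-mysql-schema.sql` would record that coupling, and the new Javadoc summary should read "constants that are useful".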
@@ -97,35 +97,35 @@ public class PermissionCheckUtility { Provider mySQLConnectionProvider; public boolean checkUserReadAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.READ_USER); + return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_READ); } - public boolean checkUserWriteAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.WRITE_USER); + public boolean checkUserUpdateAccess(int userID, int affectedUserID) { + return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_UPDATE); } public boolean checkUserDeleteAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.DELETE_USER); + return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_DELETE); } public boolean checkUserAdministerAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.ADMINISTER_USER); + return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_ADMINISTER); } public boolean checkUserReadAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.READ_USER); + return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_READ); } - public boolean checkUserWriteAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.WRITE_USER); + public boolean checkUserUpdateAccess(int userID, String affectedUsername) { + return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_UPDATE); } public boolean checkUserDeleteAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.DELETE_USER); + return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_DELETE); } public boolean checkUserAdministerAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, 
affectedUsername, MySQLConstants.ADMINISTER_USER); + return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_ADMINISTER); } /**
@@ -163,7 +163,7 @@ public class PermissionCheckUtility { * @return the list of all users this user has administer access to */ public List getAdministerableUsers(int userID) { - return getUsers(userID, MySQLConstants.ADMINISTER_USER); + return getUsers(userID, MySQLConstants.USER_ADMINISTER); } /**
@@ -172,7 +172,7 @@ public class PermissionCheckUtility { * @return the list of all users this user has delete access to */ public List getDeletableUsers(int userID) { - return getUsers(userID, MySQLConstants.DELETE_USER); + return getUsers(userID, MySQLConstants.USER_DELETE); } /**
@@ -180,8 +180,8 @@ public class PermissionCheckUtility { * @param userID * @return the list of all users this user has write access to */ - public List getWriteableleUsers(int userID) { - return getUsers(userID, MySQLConstants.WRITE_USER); + public List getUpdateableUsers(int userID) { + return getUsers(userID, MySQLConstants.USER_UPDATE); } /**
@@ -190,7 +190,7 @@ public class PermissionCheckUtility { * @return the list of all users this user read has access to */ public List getReadableUsers(int userID) { - return getUsers(userID, MySQLConstants.READ_USER); + return getUsers(userID, MySQLConstants.USER_READ); } /**
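Review bot: The Javadoc left above the renamed `getUpdateableUsers` in the @@ -180 hunk still says "write access", which no longer matches the permission name used by the method or the schema after this patch. Suggested wording: `@return the list of all users this user has update access to`. The same stale sentence sits above `getUpdateableConnections` in the @@ -317 hunk, where the tag also reads `@param connectionID` although the parameter is `userID` and the text says "this connection has" where the user is meant. Both comment blocks open above their hunks, so their summary lines are not visible here and may need the same correction.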
@@ -234,35 +234,35 @@ public class PermissionCheckUtility { } public boolean checkConnectionReadAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.READ_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_READ); } - public boolean checkConnectionWriteAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.WRITE_CONNECTION); + public boolean checkConnectionUpdateAccess(int userID, int affectedConnectionID) { + return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_UPDATE); } public boolean checkConnectionDeleteAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.DELETE_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_DELETE); } public boolean checkConnectionAdministerAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.ADMINISTER_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_ADMINISTER); } public boolean checkConnectionReadAccess(int userID, String affectedConnectionname) { - return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.READ_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_READ); } - public boolean checkConnectionWriteAccess(int userID, String affectedConnectionname) { - return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.WRITE_CONNECTION); + public boolean checkConnectionUpdateAccess(int userID, String affectedConnectionname) { + return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_UPDATE); } public boolean checkConnectionDeleteAccess(int userID, String 
affectedConnectionname) { - return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.DELETE_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_DELETE); } public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionname) { - return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.ADMINISTER_CONNECTION); + return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_ADMINISTER); } /**
@@ -300,7 +300,7 @@ public class PermissionCheckUtility { * @return the list of all connections this connection has administer access to */ public List getAdministerableConnections(int userID) { - return getConnections(userID, MySQLConstants.ADMINISTER_CONNECTION); + return getConnections(userID, MySQLConstants.CONNECTION_ADMINISTER); } /**
@@ -309,7 +309,7 @@ public class PermissionCheckUtility { * @return the list of all connections this connection has delete access to */ public List getDeletableConnections(int userID) { - return getConnections(userID, MySQLConstants.DELETE_CONNECTION); + return getConnections(userID, MySQLConstants.CONNECTION_DELETE); } /**
@@ -317,8 +317,8 @@ public class PermissionCheckUtility { * @param connectionID * @return the list of all connections this connection has write access to */ - public List getWriteableleConnections(int userID) { - return getConnections(userID, MySQLConstants.WRITE_CONNECTION); + public List getUpdateableConnections(int userID) { + return getConnections(userID, MySQLConstants.CONNECTION_UPDATE); } /**
@@ -327,7 +327,7 @@ public class PermissionCheckUtility { * @return the list of all connections this connection read has access to */ public List getReadableConnections(int userID) { - return getConnections(userID, MySQLConstants.READ_CONNECTION); + return getConnections(userID, MySQLConstants.CONNECTION_READ); } /**
@@ -376,7 +376,7 @@ public class PermissionCheckUtility { * @return */ public boolean checkCreateUserPermission(int userID) { - return checkSystemPermission(userID, MySQLConstants.CREATE_USER); + return checkSystemPermission(userID, MySQLConstants.SYSTEM_USER_CREATE); } /**
@@ -385,7 +385,7 @@ public class PermissionCheckUtility { * @return */ public boolean checkCreateConnectionPermission(int userID) { - return checkSystemPermission(userID, MySQLConstants.CREATE_CONNECTION); + return checkSystemPermission(userID, MySQLConstants.SYSTEM_CONNECTION_CREATE); } /**
@@ -434,7 +434,7 @@ public class PermissionCheckUtility { /** * Get all permissions a given user has. * @param userID - * @return + * @return all permissions a user has. */ public Set getAllPermissions(int userID) { Set allPermissions = new HashSet();
@@ -497,9 +497,9 @@ public class PermissionCheckUtility { List systemPermissions = systemPermissionDAO.selectByExample(systemPermissionExample); for(SystemPermissionKey systemPermission : systemPermissions) { SystemPermission newPermission = null; - if(systemPermission.getPermission().equals(MySQLConstants.CREATE_USER)) + if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE)) newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE); - else if(systemPermission.getPermission().equals(MySQLConstants.CREATE_CONNECTION)) + else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE)) newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE); if(newPermission != null)
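Review bot: In the @@ -497 hunk a stored value that equals neither `SYSTEM_USER_CREATE` nor `SYSTEM_CONNECTION_CREATE` leaves `newPermission` null, and the `if(newPermission != null)` guard then appears to skip the row without any record. A final `else` branch that logs the unrecognised string would make a row the code does not understand visible to an operator instead of surfacing only as a missing create right. If the skip is intentional, a comment such as `// Unknown system permission values are ignored on purpose` before the guard would say so. The loop body continues past the end of the hunk, so whether anything later reports the null case cannot be seen here.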